The permission system in the Orgo SaaS Platform defines user access rights and capabilities across different organizational levels. Each permission level grants specific actions for managing users, content, and organizational settings.

Quick Reference Table

| Role | Scope | User Mgmt | HR Functions | Financial | Events | Communication | Inherits From |
|---|---|---|---|---|---|---|---|
| Administrator (Orgo) | Organization | Full | Full | Full | Full | Full | - |
| Admin | Organization | DELETE, CREATE/UPDATE Groups | - | - | - | - | - |
| HR | Organization | CREATE, UPDATE All | Full + Confidential | - | - | - | HR Assistant |
| HR Assistant | Organization | - | VIEW Confidential, UPDATE Docs | - | - | - | - |
| Financial | Organization | - | VIEW Confidential, UPDATE Docs | Full Payment/Products | - | - | HR Assistant |
| Event Manager | Organization | - | - | - | CREATE/UPDATE | - | - |
| Communication Manager | Organization | - | - | - | - | Full Newsletter/Moderation | - |
| Trainer | Organization | - | - | - | CREATE Training | - | - |
| HR Parent Local | Local Parent | CREATE, UPDATE All | Full + Confidential | - | - | - | HR Local, HR Assistant Local |
| HR Local | Local | CREATE, UPDATE All | Full + Confidential | - | - | - | HR Assistant Local |
| HR Assistant Local | Local | - | VIEW Confidential, UPDATE Docs | - | - | - | - |
| Financial Regional | Regional | - | VIEW Confidential, UPDATE Docs | Full Payment/Products | - | - | Financial Local, HR Assistant Local/Parent |
| Financial Local | Local | - | VIEW Confidential, UPDATE Docs | Full Payment/Products | - | - | HR Assistant Local |
| Communication Regional | Regional | - | - | - | - | Full Newsletter/Moderation | Communication Local |
| Communication Local | Local | - | - | - | - | Full Newsletter/Moderation | - |
| Event Regional | Regional | - | - | - | CREATE/UPDATE | - | Event Local |
| Event Local | Local | - | - | - | CREATE/UPDATE | - | - |

Inheritance Tree Structure

Administrator (Orgo)
├── Admin
├── HR (Tenant/Organization)
│   └── HR Assistant
├── Financial (Tenant/Organization)
│   └── HR Assistant
├── Event Manager
├── Communication Manager
└── Trainer

Local Hierarchy:
├── HR Parent Local
│   ├── HR Local
│   │   └── HR Assistant Local
│   └── HR Assistant Local
├── Financial Parent Local
│   ├── Financial Local
│   │   └── HR Assistant Local
│   ├── HR Assistant Local
│   └── HR Assistant Parent Local
├── Communication Parent Local
│   └── Communication Local
└── Event Parent Local
    └── Event Local

Key Permission Abbreviations

  • CREATE: Create new entities (users, groups, events)
  • UPDATE: Modify existing entities
  • DELETE: Remove entities from system
  • VIEW: Read-only access
  • APPROVE: Authorize pending actions
  • Full: Complete control over the module

Understanding Permission Hierarchy

Permissions are structured in three tiers:
  • Organizational: Full access across the entire organization
  • Regional: Access limited to specific regional boundaries
  • Local: Access restricted to individual local groups

Core Permission Levels

Administrator (Orgo)

The highest level of permissions with complete organizational control. Allowed Actions:
  • Update organizational settings for REPER
  • Manage roles, role groups, event types, badge types, and unit types
  • Full system administration capabilities

Admin

Administrative permissions for user and group management. Allowed Actions:
  • Delete user accounts
  • Create and update local groups
  • Manage organizational structure

HR (Human Resources)

Comprehensive permissions for managing user profiles and organizational structure. Allowed Actions:
  1. User Management
    • Create new user accounts
    • Update user’s organizational roles via Profile -> Roles
    • Update user’s permission roles via Profile -> Permissions
    • Update user’s local group assignment via Profile -> Permissions
    • Update user’s status via Profile -> Permissions
  2. Document Management
    • Update and read confidential profile data
    • Update and approve user identity documents
    • Update and approve user adhesion requests
  3. Additional Capabilities
    • Full access to HR Assistant functions

HR Assistant

Limited HR permissions focused on document and data management. Allowed Actions:
  • View confidential profile data
  • Update and approve user identity documents
  • Create and update gamifications/badges

Financial

Permissions for financial operations and payment processing. Allowed Actions:
  1. Data Access
    • View confidential profile data
    • View payment details
  2. Financial Operations
    • Approve payments
    • Update products
    • Generate CSV reports
  3. Document Management
    • Update and approve user identity documents
  4. Additional Capabilities
    • Full access to HR Assistant functions

Communication Manager

Content and communication management permissions. Allowed Actions:
  • Create and update newsletters
  • Create public discussions (when restricted for regular users)
  • Delete comments and discussions
  • Moderate comments and discussions (content labeled as “moderated”)

Event Manager

Event creation and management permissions. Allowed Actions:
  • Create and update events
  • Manage event details and participants

Trainer

Training and educational event management. Allowed Actions:
  • Create training events
  • Manage attendees in training events
  • Configure training-specific settings

Regional Permission Scope

Regional administrators have elevated permissions within their assigned geographic or organizational region. Available Regional Roles:
  • Admin Regional
  • HR Regional
  • Financial Regional
  • Event Regional
  • Communication Regional
Scope Application: All organizational-level permissions apply, but are limited to local groups within the assigned region.

Local Permission Scope

Local administrators have permissions restricted to their specific local group. Available Local Roles:
  • Admin Local
  • HR Local
  • Financial Local
  • Event Local
  • Communication Local
Scope Application: All organizational-level permissions apply, but are limited to the user’s local group only.

Action Definitions

Core Actions

CREATE - Generate new entities in the system:
  • Users, groups, events, newsletters, discussions
UPDATE - Modify existing entities:
  • User profiles, settings, content, products
DELETE - Remove entities from the system:
  • Users, comments, discussions (restricted to specific roles)
VIEW/READ - Access and view information:
  • Confidential data, payment details, user profiles
APPROVE - Authorize pending actions:
  • Identity documents, payments, adhesion requests
MANAGE - Full control over specified entities:
  • Roles, events, attendees, organizational settings
MODERATE - Review and flag content:
  • Comments and discussions (Communication Manager only)

Implementation Guidelines

Permission Assignment

  1. Navigate to User Profile -> Permissions to assign roles
  2. Select appropriate permission level based on user responsibilities
  3. Configure regional or local scope if applicable
  4. Save changes and verify access levels

Best Practices

Security Considerations:
  • Conduct regular permission audits
  • Log all permission changes for compliance
  • Require confirmation for sensitive operations (DELETE, APPROVE)
  • Implement geographic/organizational isolation through scoped permissions
Access Control:
  • Confidential profile data restricted to HR, HR Assistant, and Financial roles
  • Identity document approval limited to HR, HR Assistant, and Financial roles
  • Content moderation exclusive to Communication Managers
  • Training event creation restricted to Trainers

Permission Inheritance

Higher-level permissions typically include capabilities of lower levels:
  • Administrator (Orgo) has all system permissions
  • HR includes all HR Assistant capabilities
  • Financial includes HR Assistant functions
  • Regional scope includes all local capabilities within the region
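
The inheritance and scope rules above can be checked mechanically. The sketch below is an added example, not Orgo's own code: it resolves a role's effective actions through the "Inherits From" edges for a subset of the roles in the Quick Reference Table, then applies the regional/local scope restriction with a deny-by-default decision. The action labels, the Assignment class, and the group and region names (group-a, north, ...) are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Edges copied from the table's "Inherits From" column (subset of roles).
INHERITS = {
    "HR": ["HR Assistant"],
    "Financial": ["HR Assistant"],
    "HR Local": ["HR Assistant Local"],
    "Event Regional": ["Event Local"],
}
# Direct grants per role; the action labels are this example's shorthand.
GRANTS = {
    "HR": {"CREATE user", "UPDATE user"},
    "HR Assistant": {"VIEW confidential", "UPDATE docs"},
    "Financial": {"APPROVE payment", "UPDATE product"},
    "HR Local": {"CREATE user", "UPDATE user"},
    "HR Assistant Local": {"VIEW confidential", "UPDATE docs"},
    "Event Regional": {"CREATE event", "UPDATE event"},
    "Event Local": {"CREATE event", "UPDATE event"},
}
# Constructed sample hierarchy: local group -> region.
REGION_OF = {"group-a": "north", "group-b": "north", "group-c": "south"}

@dataclass(frozen=True)
class Assignment:
    role: str
    scope_id: Optional[str] = None  # region or local group; None at organization level

def effective_roles(role, seen=None):
    """Role plus everything it inherits, transitively; tolerates cycles."""
    seen = set() if seen is None else seen
    if role not in seen:
        seen.add(role)
        for inherited in INHERITS.get(role, []):
            effective_roles(inherited, seen)
    return seen

def effective_actions(role):
    return set().union(*(GRANTS.get(r, set()) for r in effective_roles(role)))

def in_scope(a, target_group):
    """Tier is read from the role-name suffix, as in the table's Scope column."""
    if a.role.endswith("Regional"):
        return a.scope_id is not None and REGION_OF.get(target_group) == a.scope_id
    if a.role.endswith("Local"):
        return a.scope_id is not None and target_group == a.scope_id
    return True  # organization-level role

def is_allowed(a, action, target_group):
    # Deny by default: the action must be granted AND the target must be in scope.
    return action in effective_actions(a.role) and in_scope(a, target_group)
```

A regional or local assignment that is missing its scope is denied rather than treated as organization-wide, which is the failure mode to test for when auditing scoped roles.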

Troubleshooting Common Issues

User Cannot Access Expected Features:
  1. Verify permission level in User Profile -> Permissions
  2. Check if feature requires regional or local scope
  3. Confirm module is enabled in Organisation Settings -> Modules
Permission Changes Not Taking Effect:
  1. Have user log out and log back in
  2. Clear browser cache
  3. Verify changes were saved properly
Regional/Local Restrictions Not Working:
  1. Confirm user’s assigned region or local group
  2. Check organization hierarchy configuration
  3. Verify scope settings in permission assignment